Merge "Disable http_proxy_to_wsgi middleware by default"

2 files changed, 47 insertions, 0 deletions

diff --git a/oslo_middleware/http_proxy_to_wsgi.py b/oslo_middleware/http_proxy_to_wsgi.py
index a2da6ab..ad61401 100644
--- a/oslo_middleware/http_proxy_to_wsgi.py
+++ b/oslo_middleware/http_proxy_to_wsgi.py
@@ -12,9 +12,19 @@
 # implied. See the License for the specific language governing permissions and
 # limitations under the License.
 from debtcollector import removals
+from oslo_config import cfg
 from oslo_middleware import base
 
 
+OPTS = [
+    cfg.BoolOpt('enable_proxy_headers_parsing',
+                default=False,
+                help="Wether the application is behind a proxy or not. "
+                     "This determines if the middleware should parse the "
+                     "headers or not.")
+]
+
+
 class HTTPProxyToWSGI(base.ConfigurableMiddleware):
     """HTTP proxy to WSGI termination middleware.
 
@@ -23,6 +33,10 @@ class HTTPProxyToWSGI(base.ConfigurableMiddleware):
 
     """
 
+    def __init__(self, application, *args, **kwargs):
+        super(HTTPProxyToWSGI, self).__init__(application, *args, **kwargs)
+        self.oslo_conf.register_opts(OPTS, group='oslo_middleware')
+
     @staticmethod
     def _parse_rfc7239_header(header):
         """Parses RFC7239 Forward headers.
@@ -40,6 +54,8 @@ class HTTPProxyToWSGI(base.ConfigurableMiddleware):
         return result
 
     def process_request(self, req):
+        if not self._conf_get('enable_proxy_headers_parsing'):
+            return
         fwd_hdr = req.environ.get("HTTP_FORWARDED")
         if fwd_hdr:
             proxies = self._parse_rfc7239_header(fwd_hdr)
diff --git a/oslo_middleware/tests/test_http_proxy_to_wsgi.py b/oslo_middleware/tests/test_http_proxy_to_wsgi.py
index 8db1190..26baa77 100644
--- a/oslo_middleware/tests/test_http_proxy_to_wsgi.py
+++ b/oslo_middleware/tests/test_http_proxy_to_wsgi.py
@@ -29,6 +29,10 @@ class TestHTTPProxyToWSGI(test_base.BaseTestCase):
             return util.application_uri(req.environ)
 
         self.middleware = http_proxy_to_wsgi.HTTPProxyToWSGI(fake_app)
+        self.middleware.oslo_conf.set_override('enable_proxy_headers_parsing',
+                                               True,
+                                               group='oslo_middleware',
+                                               enforce_type=True)
         self.request = webob.Request.blank('/foo/bar', method='POST')
 
     def test_backward_compat(self):
@@ -98,3 +102,30 @@ class TestHTTPProxyToWSGI(test_base.BaseTestCase):
         self.request.headers['X-Forwarded-Prefix'] = "/bla"
         response = self.request.get_response(self.middleware)
         self.assertEqual(b"https://example.com:8043/bla", response.body)
+
+
+class TestHTTPProxyToWSGIDisabled(test_base.BaseTestCase):
+
+    def setUp(self):
+        super(TestHTTPProxyToWSGIDisabled, self).setUp()
+
+        @webob.dec.wsgify()
+        def fake_app(req):
+            return util.application_uri(req.environ)
+
+        self.middleware = http_proxy_to_wsgi.HTTPProxyToWSGI(fake_app)
+        self.middleware.oslo_conf.set_override('enable_proxy_headers_parsing',
+                                               False,
+                                               group='oslo_middleware',
+                                               enforce_type=True)
+        self.request = webob.Request.blank('/foo/bar', method='POST')
+
+    def test_no_headers(self):
+        response = self.request.get_response(self.middleware)
+        self.assertEqual(b"http://localhost:80/", response.body)
+
+    def test_url_translate_ssl_has_no_effect(self):
+        self.request.headers['X-Forwarded-Proto'] = "https"
+        self.request.headers['X-Forwarded-Host'] = "example.com:123"
+        response = self.request.get_response(self.middleware)
+        self.assertEqual(b"http://localhost:80/", response.body)